U.S. Law: Gramm-Leach-Bliley Act (GLBA) & Sarbanes–Oxley Act (SOX)

Question 1

What does SOX Act stand for?

Answer 1

Sarbanes-Oaxly Act

Question 2

What is the organization responsible for establishing SOX standards and guidelines and conducting audits and imposing subsequent fines?

Answer 2

Security and Exchange Comission (SEC)

Question 3

Who does SOX apply to?

Answer 3

all publically traded corporations in the U.S.

Question 4

What is the goal of SOX?

Answer 4

create an environment of regulatory transparency where companies are required to disclose information about their financial status and implement controls to ensure the accuracy of that information; prevents fraudulent and poor practices

Question 5

GLBA recognizes legal difference between what two entities?

Answer 5

customer and consumer

Question 6

How is customer defined in GLBA?

Answer 6

customers have an ongoing relationsip with financial institution

Question 7

How is consumer defined in GLBA?

Answer 7

only conduct isolated transactions with financial institution, such as caching a check at a bank or visiting bank’s website

Question 8

What is the legal obligation of financial institutions towards consumers under GLBA?

Answer 8

financial institution needs to provide summary privacy notice that includes instructions for finding the full notice

Question 9

What requirement for data breach reporting does the Sarbanes–Oxley Act place on organizations that must comply with it?

Answer 9

data breaches must be reported in annual and quarterly reports; also breaches must be reported to auditors

Question 10

To whom must breaches be reported under Sarbanes–Oxley?

Answer 10

auditors as well as implementing methods to identify if breaches have occurred

Question 11

Who is regulataed under GLBA?

Answer 11

financial institutions, that are significantly engaged in offering financial services

Question 12

How does GLBA protect consumer’s privacy?

Answer 12

1. better informing consumers about how their financial information is used
2. by regulating the use of consumer information by financial institutions

Question 13

How do financial institutions share their full privacy notices with all details with customers as their legal obligation under GLBA?

Answer 13

1. when they first begin business relationship with a customer
2. annualy with updated privacy notices

Question 14

What are the three main sections of GLBA?

Answer 14

• financial privacy rule
  
  • regulates collection and disclosure of private financial info
• safeguards rule
  
  • stripulates that financial institutions must implement security programs to protect such information
• pretexting provisions
  
  • prohibit the practice of pretexting (accessing private info using false pretenses)

Question 15

What is the section 802 of SOX Act?

Answer 15

it is a crime to destroy, change or hide documents to prevent their use in official legal processes

Question 16

What is the section 804 of SOX Act?

Answer 16

companies must keep audit-related records for a minimum of 5 years

Question 17

When is SOX compliance often an issue?

Answer 17

data breaches and ransomware incidents at publically traded companies; loss of data related to compliance due to external factors does NOT protect companies from legal obligations